Computers have become targets for various types of sophisticated electronic attacks and misuse, such as viruses, “spyware,” “Trojan horses,” denial of service, misuse of business computing resources, misappropriation of data, electronic trespass, “SPAM,” and so forth. Electronic attacks typically target one or more operating system (OS) components, such as OS subsystems, applications, device drivers, services, registries, user accounts, or other resources associated with computer systems.
System administrators may also require computer systems they administer to comply with other requirements, such as requirements imposed by privacy or corporate governance laws. As an example, system administrators may require computer systems to have the latest software patches.
In response to the increasing number of attacks and other requirements, businesses and individuals have adopted various security policies to shield their computers. The security policies may specify software requirements, such as virus protection software, firewall software, monitoring software, SPAM-filtering software, and other security software products; procedures, such as periodic password reset and file system access permissions; and other security-related measures. Although system administrators install, configure, and manage security software products in compliance with security policies, the computer systems they administer may lose compliance when a security policy changes or when a security software product's configuration changes. The computer systems may also no longer be compliant when procedures are not diligently followed, such as when passwords are not reset, files are accessible by more user accounts than the policy permits, malicious code is installed inadvertently and so forth.
In large organizations, system administrators may need to ensure that server computers, desktop computers, handheld computers, and other computer systems comply with various security policies, such as by checking compliance and enforcing security policies regularly. As examples, the system administrators may need to ensure that (1) servers and other computer systems have been updated with the latest “service packs” or other updates; (2) users have access to only files or folders consistent with security policies; (3) user accounts and passwords are managed in a manner that is consistent with relevant security policies, and so forth. System administrators may be responsible for hundreds or even thousands of computer systems. When this is the case, enforcing security policies can be difficult, time-consuming, and even error-prone.